每日安全动态推送(6-7)
2024-6-7 17:8:9 Author: mp.weixin.qq.com(查看原文) 阅读量:0 收藏
Tencent Security Xuanwu Lab Daily News

• libaom Video Codec Library Exposed: Critical CVE-2024-5171 Vulnerability with CVSS 10:
https://securityonline.info/libaom-video-codec-library-exposed-critical-cve-2024-5171-vulnerability-with-cvss-10/

   ・ libaom和libvpx中的关键漏洞CVE-2024-5171和CVE-2024-5197,这些漏洞可导致远程代码执行,对系统造成严重影响。 – SecTodayBot

• Hackers Target Python Developers with Fake "Crytic-Compilers" Package on PyPI:
https://thehackernews.com/2024/06/hackers-target-python-developers-with.html

   ・ Python软件包PyPI存储库中发现了恶意软件包,企图传递名为Lumma的信息窃取者。另外,超过300个WordPress网站遭到入侵,显示恶意Google Chrome更新弹窗,并利用合法的WordPress插件进行恶意代码上传。 – SecTodayBot

• SecretPixel: Advanced Image Steganography Tool:
https://meterpreter.org/secretpixel-advanced-image-steganography-tool/

   ・ SecretPixel是一款先进的隐写术工具,结合了AES-256加密、压缩和种子LSB隐写技术,提供了一个强大的嵌入数据并且难以检测的解决方案。该工具的最大亮点在于其高级加密和隐写技术的结合,为信息隐藏提供了高度安全性和难以察觉性。  – SecTodayBot

• Apple Refused to Pay $1 Million Bounty to Kaspersky Lab for iOS Zero-days:
https://gbhackers.com/apple-kaspersky-zero-days/

   ・ 卡巴斯基实验室发现的iOS关键漏洞,后者发现了一个允许攻击者在任何iPhone上安装间谍软件的漏洞。文章披露了新的漏洞信息,对iOS中的漏洞进行了详细分析,还涉及到了针对iOS的网络间谍活动和卡巴斯基实验室的应对。  – SecTodayBot

• Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers:
https://www.trendmicro.com/en_us/research/24/f/commando-cat-a-novel-cryptojacking-attack-.html

   ・ 一种新型的加密货币挖矿攻击,利用Docker远程API服务器部署恶意软件。攻击者通过公开的Commando项目的Docker镜像来实施攻击,利用chroot和卷绑定等技术突破容器,进而侵入主机系统。 – SecTodayBot

• What’s Going on With Check Point (CVE-2024-24919)?:
https://www.greynoise.io/blog/whats-going-on-with-checkpoint-cve-2024-24919

   ・ 披露了CheckPoint Security Gateway CVE-2024-24919漏洞及其利用细节 – SecTodayBot

• 資安通報:PHP 遠端程式碼執行 (CVE-2024-4577) - PHP CGI 參數注入弱點:
https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability/

   ・ PHP的一个新漏洞,该漏洞涉及远程代码执行和PHP CGI参数注入 – SecTodayBot

• Secshow’s Massive DNS Probing Operation Exposed:
https://securityonline.info/secshows-massive-dns-probing-operation-exposed/

   ・ 一个名为Secshow的大规模DNS探测行动,以及安全工具Cortex Xpanse的行为如何放大了该行动的影响 – SecTodayBot

* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


文章来源: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959685&idx=2&sn=8b8b30c76479e9680e03d005efd55826&chksm=8baed11abcd9580c4688d836d451b00fdf17002ec3b961912417b19718949e4ef7e37f5c66d1&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh